We used to talk about confidence tricksters and I guess we still do but, in techyworld, conmen have morphed into social engineers. It's a dubious promotion.

Rather than talk around the theory – which basically involves someone nasty conning someone nice into doing something under false pretenses – let's jump into the practical by looking at the techniques played out, both in person and online. Have some confident examples.

Individuals or company employees may be targeted with a call from someone pretending to be a fresh-faced co-worker, an irate boss, a record-keeping human resources manager or a concerned IT administrator, for example.

The social engineer may plead for, or else demand, sensitive information such as a name, a contact, a username or a password. He may be phoning from, say, your workplace reception area, or she could be using a spoof caller ID service to give the call internal credibility while actually dialling in from an outside line.

The walk-in alternative to, or extension of, the phone call scam sees a social engineer pose in one of many possible roles to gain entrance to a building, to gain people's confidence, and ultimately to steal something sensitive such as network credentials.

Here, moving into a technical vein, an attractive link, perhaps added to a site without the owner's knowledge, grabs your attention so you click it. Bam! You've been engineered with a Cross Site Scripting (XSS) attack (this time the hacking technique being technical rather than physical). The retrieved site is malicious, but it's unlikely you'd suspect that. You could be lured into downloading malware, if you hadn't already done so when the page loaded, or else into providing some sensitive data.

These prolific e-mail scams, again, often try to tempt you to some site where you're liberally scalped. Alternatively, you could receive a spoof e-mail that is apparently from a known contact who has kindly sent you a file. Duly executed, the Trojan rootkit now provides the hacker with controlling backdoor access to your PC and its network.

Here's the growth market: social networking. Splashing around your sensitive data, trusting any old social application, and friending strangers on traceable online profiles is begging for trouble.

Engineering social networks is like shooting fish in a barrel, but there's also low-hanging fruit to be had in forums, on personal or business sites, on blogs and wikis, and in newsgroups where, for instance, your new IT recruit may be asking what the problem is with that vulnerable old version of, well, WordPress, for example.

Oops, hidden content alert!

Bear in mind that the guy who's copying that joke to your thumbdrive could be uploading a worm as well, the girl who's borrowing your wireless may be infiltrating the network, or the colleague who's fawning over your new phone could be tapping your data. You have to be ultra-careful who you trust and, for those working for you, you should give them strictly enforced default-deny guidelines so they have a ready excuse for refusing: it's policy.

wpCop, vpsBible & Guvnr

wpCop is brought to you by Olly Connelly who also helps Linux noobs set up web servers at vpsBible.com. Olly’s blog, Guvnr.com, doubles as the news vehicle for wpCop & vpsBible. The forums offer friendly support.